A Safety Instrumented System (SIS) is a control system consisting of sensors, one or more controllers (often referred to as logic solvers), and final elements. The primary purpose of an SIS is to monitor an industrial process for potentially dangerous conditions and either issue alarms or execute pre-programmed actions. These actions are designed to either prevent a hazardous event from occurring or mitigate its consequences should it occur.
An SIS implements one or more Safety Instrumented Functions (SIFs). It typically includes several safety functions, each with a different Safety Integrity Level (SIL). Therefore, it is not appropriate to describe an SIS with a single SIL. Instead, an SIS is designed and managed to achieve specific SIL requirements for individual functions.
It is important to distinguish between an SIS and a SIF. A SIF encompasses a single function, acting in one specific way to prevent a single harmful outcome. In contrast, a single SIS may contain multiple SIFs, each with its own unique SIL. This makes it incorrect and ambiguous to assign a single SIL to an entire safety instrumented system.
The IEC 61508 standard does not use the term “Safety Instrumented System (SIS)” but instead refers to it as a “safety-related system.” This term conveys the same concept but uses language that can be broadly applied across various industries.
Practitioners often prefer a more functional definition of an SIS, such as:
- A system composed of sensors, logic solvers, and final elements, designed to:
  - Automatically take an industrial process to a safe state when specified conditions are violated.
  - Allow a process to move forward safely when specified conditions permit (permissive functions).
  - Mitigate the consequences of an industrial hazard through specific actions.
This definition highlights that an SIS may be responsible for shutdown functions, permissive functions, and consequence reduction (mitigation) functions. All these functions share a common attribute: they reduce risk. As a result, one common interpretation of an SIS is that it is an automatic risk reduction system.
In some cases, an SIS reduces risk by decreasing the likelihood of a potential hazard. In other cases, it decreases risk by reducing the severity of the consequences. Regardless of the approach, the core objective of an SIS remains consistent: to enhance safety and minimize industrial risks effectively.